1. Field
The present embodiments relate to techniques for evaluating a disassembler. More specifically, the present embodiments relate to a method and system for validating the operation of a disassembler.
2. Related Art
A disassembler is typically used to translate an executable program into an equivalent assembly representation. In other words, the disassembler translates machine code from the executable program into human-readable assembly code. The assembly representation may then be used to analyze the program's structure and execution. For example, assembly code from the disassembler may be used to debug the program, validate the program's compliance with a security policy, and/or reverse engineer the functionality of the program.
Disassembler design is often based on documentation associated with a processor and/or instruction set architecture (ISA). For example, an x86 disassembler may operate using a table that includes mappings between x86 operation codes (opcodes) and assembly code. Such mappings may be based on documentation provided by x86 processor vendors. As a result, x86 executables may be disassembled by reading machine code from the x86 executables and looking up the corresponding assembly instructions in the table.
However, documentation for very long instruction word (VLIW) and/or variable-length ISAs (e.g., x86) may frequently be inaccurate and/or incomplete. Hence, disassemblers built using such documentation may produce inaccurate or inconsistent results. Furthermore, security tests of executable programs that rely on these disassemblers may be unreliable. For example, an x86 disassembler may be unable to reveal the use of certain system calls, illegal memory accesses, branch targets, and/or other security-related issues within an x86 executable program.
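The table lookup described above, and the way an incomplete table produces wrong output, as an added example that is not part of the patent text: a minimal table-driven decoder for a hand-picked subset of real 32-bit x86 encodings. The opcode table, the decoder, and the machine-code sample are all constructed here; the decoder is run once with a complete table and once with the two-byte `0F 05` (`syscall`) entry omitted, so the second listing fails to reveal one of the two system calls present in the bytes.

```python
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def build_tables(with_escape=True):
    """Build the opcode tables a table-driven disassembler reads from.

    one: single-byte opcode -> (mnemonic, immediate size, operand kind)
    two: second byte after the 0x0F escape -> same shape
    with_escape=False simulates documentation that omitted the two-byte
    SYSCALL encoding (a constructed gap for this example).
    """
    one = {
        0x90: ("nop", 0, None),
        0xC3: ("ret", 0, None),
        0xCC: ("int3", 0, None),
        0xCD: ("int", 1, "imm"),   # int imm8
        0xE8: ("call", 4, "rel"),  # call rel32
        0xEB: ("jmp", 1, "rel"),   # jmp rel8
    }
    for i, reg in enumerate(REGS32):
        one[0x50 + i] = (f"push {reg}", 0, None)
        one[0x58 + i] = (f"pop {reg}", 0, None)
        one[0xB8 + i] = (f"mov {reg},", 4, "imm")  # mov r32, imm32
    two = {0x05: ("syscall", 0, None)} if with_escape else {}
    return one, two


def decode(code, tables, base=0):
    """Linear-sweep decode of `code`; returns a list of (offset, text)."""
    one, two = tables
    listing = []
    ip = 0
    while ip < len(code):
        start = ip
        op = code[ip]
        ip += 1
        if op == 0x0F and ip < len(code) and code[ip] in two:
            entry = two[code[ip]]
            ip += 1
        else:
            entry = one.get(op)
        if entry is None or ip + entry[1] > len(code):
            # Unknown or truncated opcode: emit one data byte and resume at
            # the next byte. With an incomplete table this is where the
            # output diverges from the real instruction stream. (A fuller
            # table would decode the stray 0x05 as "add eax, imm32" and
            # swallow the next four bytes, desynchronising everything after.)
            listing.append((base + start, f"db 0x{op:02x}"))
            ip = start + 1
            continue
        mnemonic, imm_size, kind = entry
        if imm_size == 0:
            text = mnemonic
        else:
            value = int.from_bytes(code[ip:ip + imm_size], "little",
                                   signed=(kind == "rel"))
            ip += imm_size
            if kind == "rel":
                value = base + ip + value  # relative to the next instruction
            text = f"{mnemonic} 0x{value:x}"
        listing.append((base + start, text))
    return listing


def find_system_calls(listing):
    """The instructions a security check would look for: int 0x80 and
    syscall are the Linux system-call entry points on x86."""
    return [(off, text) for off, text in listing
            if text in ("int 0x80", "syscall")]


# Constructed machine-code sample (not taken from any real binary):
# mov eax,1 ; mov ebx,0 ; int 0x80 ; push eax ; syscall ; nop ; jmp $-2 ; ret
SAMPLE = bytes.fromhex("b801000000 bb00000000 cd80 50 0f05 90 ebfe c3")

if __name__ == "__main__":
    for label, tables in (("complete", build_tables(True)),
                          ("incomplete", build_tables(False))):
        listing = decode(SAMPLE, tables)
        print(f"--- {label} table: {len(find_system_calls(listing))} syscall(s)")
        for off, text in listing:
            print(f"{off:04x}  {text}")
```

Comparing the two listings is the simplest form of the verification the following sections motivate: the same bytes decoded against two tables give different instruction streams, and only the complete table exposes both system-call sites.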
Hence, it is advantageous to provide mechanisms for verifying the correctness of disassemblers.